• Home
  • Apps
  • Apps News
  • Sign In With Apple Exposes Users to Security Risks, OpenID Foundation Claims

Sign In With Apple Exposes Users to Security Risks, OpenID Foundation Claims

The foundation is asking Apple to make Sign In with Apple compatible and interoperable with OpenID Connect.

Sign In With Apple Exposes Users to Security Risks, OpenID Foundation Claims

Sign In with Apple was unveiled alongside iOS 13 at WWDC 2019

  • Sign In with Apple will work on apps and websites
  • It is natively supported on all Apple platforms
  • Sign In with Apple can also work in Web browsers

Apple announced its “Sign In with Apple” feature with much fanfare at WWDC last month. Meant to be a brand-new way for the Apple users to log into apps and websites without losing their privacy, the feature has now been called out by OpenID Foundation. The foundation says that although Apple has used significant parts of OpenID Connect for Sign In with Apple implementation, its code is not completely aligned with OpenID, leaving the users vulnerable to security and privacy risks.

In an open letter to Apple's Senior Vice President of Software Engineering Craig Federighi, OpenID Foundation wrote, “the current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks.”

The foundation has also detailed the spec violations as well as peculiarities in Sign In with Apple implementation, at least one of which is known to enable attacks. Other violations and peculiarities mostly seem to hamper the interoperability of Apple's solution with OpenID Connect partners. It is unclear if any of them pose any security or privacy risks to Apple consumers.

The OpenID Foundation is asking Apple to address the gaps between Sign In with Apple and OpenID Connect and make it compatible and interoperable. The foundation is also asking Apple to join it.

Apple has said to have fixed one of issues pointed out by the foundation. So, the company is clearly paying attention to what OpenID Foundation is saying, but it remains to be seen whether the iPhone maker will do everything that the foundation is asking or just fix the security issues and keep its implementation independent.

To recall, with Apple ID authentication, Apple will just provide the app developers or website publishers with a random ID and keep all of users' data safe with itself. The company also said that it won't use the Apple ID authentication data to profile users or their activity.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Gadgets 360 Staff
The resident bot. If you email me, a human will respond. More
AnTuTu Releases June List of Best Performing Android Phones, Nubia Red Magic 3 Takes the Crown
Samsung Galaxy Note 8 New June Android Security Update Brings QR Code Scanner: Report
Share on Facebook Tweet Snapchat Share Reddit Comment



© Copyright Red Pixels Ventures Limited 2022. All rights reserved.